From owner-freebsd-questions  Thu Dec 10 13:41:37 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id NAA22280
          for freebsd-questions-outgoing; Thu, 10 Dec 1998 13:41:37 -0800 (PST)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from esmeralda.xaa.iae.nl (esmeralda.xaa.iae.nl [194.151.75.9])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA22263
          for <questions@FreeBSD.ORG>; Thu, 10 Dec 1998 13:41:27 -0800 (PST)
          (envelope-from freebsd@xaa.iae.nl)
Received: from ariel.xaa.iae.nl (ariel.xaa.iae.nl [194.151.75.10])
	by esmeralda.xaa.iae.nl (Postfix) with ESMTP
	id 5412016C; Thu, 10 Dec 1998 22:41:17 +0100 (MET)
Received: by ariel.xaa.iae.nl (Postfix, from userid 1008)
	id 18DD13EC4; Thu, 10 Dec 1998 22:41:17 +0100 (CET)
Date: Thu, 10 Dec 1998 22:41:16 +0100
From: Mark Huizer <freebsd@xaa.iae.nl>
To: Michael Borowiec <mikebo@Mcs.Net>
Cc: questions@FreeBSD.ORG
Subject: Re: Securing the FreeBSD console
Message-ID: <19981210224116.A810@ariel.xaa.iae.nl>
References: <199812091715.MAA32666@laker.net> <199812091734.LAA05725@Mars.mcs.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.94.10i
In-Reply-To: <199812091734.LAA05725@Mars.mcs.net>; from Michael Borowiec on Wed, Dec 09, 1998 at 11:34:00AM -0600
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> First of all, in larger companies, development engineers are rarely
> responsible for plant security - and the plant security people are not
> responsible for computer security. So it falls to the UNIX admin...
> It's still a problem, even though you think it's absurd.
> 
> Of course, physical access is everything. That's fundamental... However,
> xlock is SUPPOSED to provide a modicum of security. Otherwise it's just a
> screen saver, and then what's the point of it requiring a password?!
> 
> My point is simply this: If xlock will not provide the security that
> reasonable people have come to expect, due to keyboard escapes in
> underlying systems, those HOLES should be documented. Not a lot to ask...
> 
You can't blame the X server for being started as a simple user program.
I'd say this is the expected behaviour, and I'd like it that way.

two ways to solve your problem:

use
'exec startx' instead of 'startx' to start your server, so a controlC or
controlZ will just drop you to the login prompt.

or...
run X from init (put it in /etc/ttys), so ppl have their login there,
and not on a text prompt.

All trouble solved.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message